CVE-2023-53931

MEDIUM

Revive Adserver 5.4.1 - Stored Cross-Site Scripting via Banner Advanced Settings

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-53931. PoCs published by Mirabbas Ağalarov.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in revive-adserver v5.4.1 by injecting malicious JavaScript payloads into the 'prepend' and 'append' parameters of the banner creation form. The payload is executed when an admin views the banner configuration.

Description

Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append parameters to execute arbitrary JavaScript when an admin views the page.

Exploits (1)

exploitdb WORKING POC

by Mirabbas Ağalarov · textwebappsphp

https://www.exploit-db.com/exploits/51401

View Code ZIP pw:eip

This exploit demonstrates a stored XSS vulnerability in revive-adserver v5.4.1 by injecting malicious JavaScript payloads into the 'prepend' and 'append' parameters of the banner creation form. The payload is executed when an admin views the banner configuration.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: revive-adserver v5.4.1

Auth required

Prerequisites: Admin access to the banner creation form · Valid session cookie

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory, VDB Entry exploit

https://www.exploit-db.com/exploits/51401

Product product

https://www.revive-adserver.com/

Exploit, Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/revive-adserver-cross-site-scripting-via-banner-advanced-settings

Scores

CVSS v3 6.1

EPSS 0.0226

EPSS Percentile 80.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (2)

Revive-adserver/revive-adserver 5.4.1

revive-adserver/revive_adserver 5.4.1

Published Dec 17, 2025

Tracked Since Feb 18, 2026